Vintinner, M. Scott:
> One of our very important clients (a major bank), is having ongoing
> problems with denial-of-service style dictionary SPAM attacks. Their
> anti-spam/firewall teams are slow to respond to these outbreaks, so
> there may be periods of several hours where we will get frequent
> connection refused messages as their resources are overloaded.
>
> As you know, the "cool-off" period in Postfix extends the retry delay of
> messages in the deferred queue from an initial time of
> $minimal_backoff_time to the maximum of $maximal_back_off time. So with
Postfix skips over "hot" queue files without opening them (the next
time to deliver is stored in the queue file's last modification time).
If Postfix had to read every deferred queue file every time, it
would perform worse with large deferred mail queues.
Changing the "next time to deliver" on a queue file does not work
because one message can have multiple recipients.
The per-message retry schedule is controlled with
{min,max}imal_backoff_time and with queue_run_delay.
The failed cohort limit does not control per-message behavior.
It controls per-domain behavior.
Thus, if you really must have domain dependent scheduling, then
you would need to route those recipients through a separate MTA
instance.
Wietse
